' . __('For more information:') . '
' . - '' . __('Documentation on Network Users') . '
' . - '' . __('Support Forums') . '
' + '' . __('Documentation on Network Users') . '
' . + '' . __('Support Forums') . '
' ); if ( isset($_REQUEST['action']) && 'add-user' == $_REQUEST['action'] ) { check_admin_referer( 'add-user', '_wpnonce_add-user' ); + if ( ! current_user_can( 'manage_network_users' ) ) - wp_die( __( 'You do not have permission to access this page.' ) ); + wp_die( __( 'You do not have permission to access this page.' ), 403 ); if ( ! is_array( $_POST['user'] ) ) wp_die( __( 'Cannot create an empty user.' ) ); - $user = $_POST['user']; + $user = wp_unslash( $_POST['user'] ); $user_details = wpmu_validate_user_signup( $user['username'], $user['email'] ); if ( is_wp_error( $user_details[ 'errors' ] ) && ! empty( $user_details[ 'errors' ]->errors ) ) { $add_user_errors = $user_details[ 'errors' ]; } else { $password = wp_generate_password( 12, false); - $user_id = wpmu_create_user( esc_html( strtolower( $user['username'] ) ), $password, esc_html( $user['email'] ) ); + $user_id = wpmu_create_user( esc_html( strtolower( $user['username'] ) ), $password, sanitize_email( $user['email'] ) ); if ( ! $user_id ) { $add_user_errors = new WP_Error( 'add_user_fail', __( 'Cannot add user.' ) ); } else { - wp_new_user_notification( $user_id, $password ); + /** + * Fires after a new user has been created via the network user-new.php page. + * + * @since 4.4.0 + * + * @param int $user_id ID of the newly created user. + */ + do_action( 'network_user_new_created_user', $user_id ); wp_redirect( add_query_arg( array('update' => 'added'), 'user-new.php' ) ); exit; } @@ -67,15 +74,14 @@ if ( isset($_GET['update']) ) { $title = __('Add New User'); $parent_file = 'users.php'; -require('../admin-header.php'); ?> +require( ABSPATH . 'wp-admin/admin-header.php' ); ?>' . $msg . '
' . $msg . '